Strategic Cybersecurity, Module 5: Vulnerabilities and Vectors.
This lecture describes the classification of the Internet into five distinct layers (geographic, physical network, logic, cyber persona, and persona) and the vulnerabilities of each of those layers. The module also looks at common types of cyber attacks.
The Objective
Once you have completed the readings, lecture, activity, and assessment, you will be able to:
- Describe the five layers of the Internet from which all vulnerabilities arise
- Describe the following: DDoS attack, spear phishing attack, zero-day exploit.
As your readings for this module have noted, the Internet was originally designed to be an open system for sharing information, but securing its infrastructure was largely an afterthought.
The 5 Layers of The Internet
Rosenzweig provides a relatively easy-to-understand classification of the Internet into five distinct layers:
- a geographic layer,
- a physical network layer,
- a logic layer,
- a cyber persona layer,
- and a persona layer.
Each of these layers has its own specific vulnerabilities, which we will discuss in this module.
Geographic Layer
The geographic layer of the Internet comprises the physical location of its components, such as computers, servers, routers, and cables that are linked throughout the world.
Due to the diverse locations of these components, they are subject to various legal and political jurisdiction, making open, unadulterated access difficult to ensure.
One vulnerability of the geographic layer, then, might be an authoritarian government that filters information it deems subversive.
Physical Network Layer
The physical network layer of the Internet comprises its actual equipment and components, such as the computers, servers, routers, and cables just mentioned.
One example of a vulnerability to the physical layer is a major geological event, such as the 2006 earthquake off the coast of Taiwan. That earthquake damaged several communications cables, disrupting the Internet service in Japan, Taiwan, South Korea, China, and other Asian countries.
Another example of a physical layer vulnerability is the accidental cut of a fiber-optic cable during construction work. This error can disrupt Internet service for an entire building or neighborhood.
Logic Layer
The logic layer represents the binary system of the Internet's integrated circuits, storing and transmitting the ones and zeros as needed. Vulnerability in this layer includes disruption of the computer code for illicit purposes, a primary focus of malware.
Another example of vulnerability to the logic layer is a zero-day exploit, in which a user identifies a weakness in the computer program's code and sells or uses this information to gain unlawful access to the program or even to crash it.
Once the vulnerability is realized by the owners of the computer code, it is generally immediately patched.
Cyber Persona Layer
The cyber persona layer represents merely how the users of the Internet are identified. The cyber persona layer includes such elements as your email addresses and IP addresses associated with your communication devices.
Let's say you receive a message from an email address that, at first glance, appears to be from your bank, but it is, in fact, slightly different. It asks you for confidential information, such as your username and password. You have now just experienced a vulnerability of the cyber persona layer of the Internet.
Persona Layer
The fifth layer of the Internet, the persona layer, comprises the actual people using the Internet, not just the representations with email or IP addresses. In many ways, the persona layer is most vulnerable to malicious actions such as socially engineered phishing emails.
When we are tired or overworked, we may unwittingly open a spoofed email, not realizing what we thought was our bank's email address is actually one character off and from a criminal instead.
DDoS attack
In addition to the description of the five layers of the Internet, this module's readings highlighted several common types of cyber attacks. One of the more common attacks you will see is a distributed denial of service, or DDoS, attack. A DDoS attack occurs when hundreds or thousands of computers, infected with a specific form of malware, barrages a specific server with request for information. This barrage of requests can overburden a server to a point that it crashes.
Quiz Question 1: Which of the following is not part of Rosenzweig's five layers of the Internet?
A: geographic layer.
B: BIOS layer.
C: physical network layer.
D: logic layer.
E: persona layer.
The answer is B: BIOS layer.
Quiz Question 2: 101 True or false: The geographic layer of the Internet comprises its actual equipment and components, such as computers, servers, routers, and cables.
The answer is False. The physical network layer comprises its actual equipment and components, such as computers, servers, routers, and cables.
Quiz Question 3: Which type of cyber attack is defined as when hundreds or thousands of computers infected with a specific form of malware barrage a specific server with request for information, resulting in a server crash?
A: zero-day exploit.
B: phishing email.
C: DDoS attack.
D: botnet.
The answer is C: DDoS attack.
The activity for this module asks that using a paper and pen, or any type of drawing app, illustrate the five distinct layers of the Internet as well as one vulnerability that might occur in that layer. You may use images, text, or anything else to communicate your thoughts. When finished, consider if you are more vulnerable in some layers versus others.
Go to: Module 6: Adversaries and APTs
“Strategic Cybersecurity” by Augusta University is licensed under CC BY 4.0 / Original video transcribed and re-structured.